Description

Acra encryption suite — data protection in distributed applications, web and mobile apps that use PostgreSQL/MySQL RDBMS.

Acra provides selective encryption, multi-layered access control, SQL firewall (SQL injections prevention), database leakage prevention, and intrusion detection capabilities in a convenient, developer-friendly package. See the full list of features in Acra repository.

Acra’s cryptographic design ensures that no secret (password, key, etc.) leaked from the application or database will be sufficient for decryption of the protected data chunks that originate from it.

Acra minimises the attack surface, detects unauthorised behaviour, and prevents the leakage, informing operators of the incident underway. Acra provides a solid foundation for encryption-demanding regulations. As an additional configuration for better security, Acra supports client-side encryption (using client-side AcraWriter libraries).

AcraServer is a network service that works as a database proxy: it transparently sits between your application and the database and silently listens to all the traffic coming to and from the database. AcraServer monitors the incoming SQL requests and blocks the unwanted ones using the built-in configurable SQL firewall. On receiving SQL queries, AcraServer parses each query, encrypts the desired values into AcraStructs (special cryptographic containers), and passes the modified queries to the database and the database response – back to the client application.

When the client application wants to read the data, it sends a read query to the database (via AcraServer). Upon retrieving the database response, AcraServer tries to detect AcraStructs, decrypts them, and returns the decrypted data to the application.